Previous Crypto Policy News
Previous Crypto Policy News
- EPIC Joins Call for Stronger Encryption Standards: EPIC, joined by several organizations, today urged the National Institute of Standards and Technology to adopt "secure and resilient encryption standards, free from back doors or other known vulnerabilities." The groups raised concerns that the National Security Agency would influence the standard-setting process to enable surveillance of private communications. EPIC previously advised NIST to remove its support for a random number generator algorithm that the NSA compromised. EPIC also recommended that NIST inform the public of the full extent of the NSA's involvement in the Cybersecurity Framework. EPIC President Marc Rotenberg first warned of the risk that the NSA would influence NIST encryption standards in testimony before Congress in 1989. For more information, see EPIC: Cryptography Policy. (Nov. 20, 2014)
- Court Orders Report on Use of Secret Keystroke Monitor. In the first case of its kind, a federal court in New Jersey has ordered the FBI to disclose information concerning the surreptitious installation of a keystroke monitor used to capture a suspect's PGP encryption passphrase. Judge Nicholas Politan directed the government to produce a report "detailing how the key logger device functions" by August 31. EPIC has made the case documents, including the Judge's order, available online. (August 14, 2001)
- BXA Issues Revised Encryption Export Regulations. On October 18, 2000, the U.S. Department of Commerce Bureau of Export Administration (BXA) announced further revisions to the export regulations on encryption products. The new rules amend the Export Administration Requirements (EAR) and liberalize the export and reexport of encryption products to the 15 European Union member states and Australia, the Czech Republic, Hungary, Japan, New Zealand, Norway, Poland and Switzerland. The Administration first stated its intention to update it's encryption policy on July 17, 2000 in response to the European Union's decision earlier that month to create a "license free zone" for most encryption technologies. (October 19, 2000)
- Court Rules that Crypto Source Code is Speech. The U.S. Court of Appeals for the Sixth Circuit ruled on April 4, 2000, that "because computer source code is an expressive means for the exchange of information and ideas about computer programming, . . . it is protected by the First Amendment." The court decision was issued in Junger v. Daley, a legal challenge to U.S. export controls on encryption software. The case, in which EPIC filed an amicus brief, will now return to a lower court for consideration of the impact of new U.S. export regulations issued in January 2000. (April 6, 2000)
- EPIC Releases International Crypto Survey. On April 3, 2000, the Electronic Privacy Information Center released a study on encryption policies in 135 countries. Cryptograpy and Liberty 2000 finds that that the trend toward relaxation of export controls is continuing, but also that law enforcement agencies are seeking new authority and new funding to gain access to private keys and personal communications.
- Revised Crypto Export Control Rules Released. The U.S. Commerce Department on January 12 announced the issuance of revised regulations governing the export of encryption products. While permitting the export of previously controlled items, the new rules maintain a complex and burdensome licensing scheme, and retain substantial restrictions on the ability to exchange information concerning encryption.
- Draft Crypto Regs Fall Short of Administration Promises. The Commerce Department has released draft regulations on encryption exports. The proposed revision would established a complex and burdensome regulatory regime that falls far short of the major liberalization promised by the Administration in its September announcement of a policy change.
- Administration Announces New Encryption Policy. On September 16, the White House announced revisions to U.S. export controls on encryption, the specific details of which have not yet been drafted. As part of its new initiative, the Administration released a final version of the Cyberspace Electronic Security Act (CESA), which addresses law enforcement access to decryption keys; funding for the Technical Support Center in the Federal Bureau of Investigation; and protecting the confidentiality of government techniques used to obtain access to plaintext. EPIC is questioning whether the privacy of average users will truly be enhanced under the new policy. A complete archive of materials is available, including the text of CESA and a transcript of the White House press briefing.
- House Committees Gut SAFE Crypto Bill. Two House Committees have completely overhauled the Security and Freedom Through Encryption (SAFE) bill, which would relax export controls on encryption. The revised language and legislative reports issued by the House Armed Services Committee and the House Intelligence Committee are available online. The various versions of the SAFE bill will now go to the House Rules Committee, which will decide which language will be presented to the full House.
- House Committee Amends and Approves SAFE Crypto Bill. On June 23, the House Commerce Committee approved the Security and Freedom Through Encryption (SAFE) bill, which would relax export controls on encryption, with several amendments. One of the amendments (PDF format) would make it a crime to fail to decrypt encrypted information when ordered to do so.
- Government Seeks Review of Crypto Decision. The Department of Justice filed a petition for rehearing on June 21 seeking to overturn the Ninth Circuit Court of Appeal's opinion in the Bernstein case,which held that encryption source code is scientific expression protected by the First Amendment.
- Appeals Court Rules Crypto Controls Unconstitutional. In a long-awaited landmark decision, the U.S. Court of Appeals for the Ninth Circuit ruled on May 6 that U.S. controls on the export of encryption software violate the First Amendment. EPIC participated in the case -- Bernstein v. Department of Justice -- as a friend-of-the-court and filed an amicus brief opposing the controls.
- Encryption Export Bill Introduced in Senate. The PROTECT Act of 1999 (Promote Reliable On Line Transactions To Encourage Commerce and Trade) was introduced in the U.S. Senate on April 14. See the floor statements of the sponsors for details on the latest proposal to relax crypto export controls.
- House Judiciary Committee Approves SAFE Crypto Bill. The House Judiciary Committee approved the Safety and Freedom through Encryption (SAFE) Act of 1999 on March 24. The legislation would relax U.S. export controls on encryption, but contains a controversial provision that creates a new federal crime for the use of encryption to conceal criminal conduct. The bill will next be considered by the International Relations Committee.
- Groups Urge Court to Reject Crypto Controls. EPIC has coordinated the submission of a "friend-of-the-court" brief arguing that U.S. export controls on encryption violate the First Amendment. The brief, which was joined by a broad coalition of organizations and several noted security experts, supports the challenge of Prof. Peter Junger, whose case is now pending before the U.S. Court of Appeals for the Sixth Circuit.
- U.S. Official Says Key-Escrow Crypto is Inferior. In a government document obtained by EPIC, a high-ranking U.S. official acknowledges that "key-escrow" encryption is "more costly and less efficient" than non-escrowed products. See EPIC's press release for more details.
- Cyber-Rights Groups Welcome New Crypto Coalition. EPIC, the ACLU and EFF have issued a joint statement on encryption policy, welcoming the creation of the industry-led Americans for Computer Privacy. Meanwhile, Vice President Gore has sent a letter to Sen. Tom Daschle reiterated the Administration's commitment to preserving the ability of law enforcement to access the plaintext of communications and stored data.
- Crypto Survey Finds Little Global Support for Restrictions. The Global Internet Liberty Campaign released the first comprehensive review of cryptography policies around the world in February 1998. "Cryptography and Liberty: An International Survey of Encryption Policy" finds that few countries restrict technologies for online privacy.
- Bringing the Cold War Home. The President's Commission on Critical Infrastructure Protection calls for the establishment of a new national security bureacracy and recommends limitations on personal privacy and government accountability. Also endorses key escrow encryption (summary).
- Europe Rejects Key-Escrow. In a major blow to U.S. policy on encryption, the European Commission has issued a policy paper that is highly critical of key-escrow encryption proposals and crypto regulation generally.
- EPIC Testifies on Computer Security. EPIC recently testified before the House Science Committee in support of the Computer Security Enhancement Act of 1997, H.R. 1903. EPIC said the measure would help restore public confidence in decision-making on technical standards by federal agencies.
- EPIC Files Suit for Crypto Czar Travel Records. The Electronic Privacy Information Center filed a Freedom of Information Act lawsuit in federal district court, seeking the disclosure of the travel records of Ambassador David Aaron. The suit was filed on the eve of the G-7 summit where it is expected that the White House will be pushing for international acceptance of key escrow encryption. The multi-nation OECD earlier this year rejected a similar proposal.
- Schlafly on Crypto. In a column titled Encryption is Essential to Freedom, Phyllis Schlafly argues "it should be the policy of the United States to encourage wide dissemination of strong encryption technology."
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.